Windows Server 2012 NPS - occasional 9 seconds delay to radius requests RRS feed

  • Question

  • Windows 2012 R2 Network Policy Server is configured for 802.1x EAP-TLS authentication. The NPS is not the domain controller and this is the only role on this virtual machine. The RADIUS client is Extreme Networks switch. Workstations are Windows 7 Enterprise.

    The 802.1x is working, client machines are authenticated ok most of the time (within 1 second). Occasionally the NPS server does not response to RADIUS request for approx. 9 seconds and the switch drops the RADIUS session. The NPS then logs "EAP session timeout" within failed authentication request. The same client machine is then successfully authenticated after few minutes.

    RADIUS handshake packets in Wireshark trace on NPS server look identical for both, successful and failed authentication.

    How can I troubleshoot this NPS behavior and find the cause of this occasional 9 second delay on the NPS server?


    Thursday, June 26, 2014 9:28 AM


  • The cause of occasional 15 second delay to radius request was caused by Automatic Root Certificate Update. When we disabled this functionality on the radius server, the delay never happened again.
    • Marked as answer by BostjanR Thursday, July 17, 2014 10:08 PM
    Thursday, July 17, 2014 10:08 PM

All replies